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SECURE INTERNET-BASED CALL ACCOUNTING SERVICE 

FIELD OF THE INVENTION 

This invention relates generally to call accounting systems 
managing the accounting of telephone charges for an enterprise, 
and more particularly to a call accounting system that provides 
call accounting services in a secure, cost-effective manner. 

BACKGROUND OF THE INVENTION 

Enterprises, typically utilize call accounting services 
provided by an on-site call accounting system, or by using a 
call accounting application service provider (ASP) , to correctly 
apportion telephone charges to individual users or departments. 
The call accounting ASP is typically located at a site remote 
from a particular enterprise. In typical operation, the call 
accounting ASP collects, via a dial-up connection, the 
enterprise call detail record (CDR) data associated with 
telephone calls made and received at the enterprise. The CDR 
data is also referred to as ticket data, and includes a calling 
number, called number, call duration, and other parameters. The 
call accounting ASP processes the CDR data to produce a usage 
profile and generate reports, which are then provided to the 
enterprise customer. 

FIG. 1 is a schematic block diagram of a typical system 
for providing call accounting services. The system includes an 
enterprise network 10 and a call accounting ASP network 12 
coupled to each other over a public switched telephone network 
(PSTN) 14. The enterprise network 10 includes a private branch 
exchange unit (PBX) 16 managing incoming and outgoing calls for 
the enterprise. The PBX generates the CDR or ticket data for 
each call and stores it in a buffer box 18 at the end of the 
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call. The buffer box is generally a temporary storage device 
supporting dial-up connections for accessing the buffer box from 

5 a remote location. The call accounting ASP periodically 
initiates a dial-up connection with the buffer box over the PSTN 
14, and pulls the CDR data using the dial-up connection. 

The call accounting ASP processes the CDR or ticket data 
to produce a usage profile which may include, for example, a 

10 calling number, called number, time of day, trunk, tariff rate, 
cost of call, and other data associated with a call. The call 
accounting ASP utilizes the usage profile to generate reports 
and/or bills which are provided to the enterprise network. 

Reliance on dial-up connections over the PSTN 14 to 
provide call accounting services has resulted m conventional 
call accounting ASP services operating at relatively low data 
transfer rates and incurring long distance telephone costs. 
Accordingly, there is a need for a call accounting ASP service 

20 that operates more robustly and in a cost-effective manner, 
while maintaining adequate security . Adequate security is 
desirable for transfers of CDR data since an enterprise's call 
history may be used to deduce private details about a company's 
business . 

25 

SUMMARY OF THE INVENTION 

The present invention is directed to a system and method 
for providing call accounting services in a secure, cost- 
effective manner. In accordance to one embodiment of the 

30 

invention, a system for providing call accounting services 
includes a first network collecting and encrypting call 
parameter information. The first network may be, for example, 
an enterprise network. The system further includes a second 
35 network receiving, decrypting, and processing the call parameter 
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information for generating a usage profile. The second network 
may be, for instance, a call cost accounting ASP network. The 
call parameter information is transmitted from the first network 
to the second network over a public computer network, such as, 
for instance, a public internet. 

In accordance to another embodiment of the invention, a 
method for providing call accounting services includes an 
intelligent ticket collector retrieving call parameter 
information from a storage location and encrypting the retrieved 
call parameter information. The intelligent ticket collector 
transmits to a service provider the encrypted call parameter 
information over a public computer network. The service 
provider receives, decrypts, and processes the call parameter 
information for generating a usage profile. 

It should be appreciated, therefore, that the use of a 
public computer network for transmitting call parameter 
information helps substantially reduce the costs and data 
transfer time associated with PSTN dial-up connections. In 
addition, security risks associated with data transfers over the 
public computer network are reduced by encrypting the call 
parameter information before its transmission. 

BRIEF DESCRIPTION OF THE DRAWINGS 

These and other features, aspects and advantages of the 
present invention will be more fully understood when considered 
with respect to the following detailed description, appended 
claims, and accompanying drawings where: 

FIG. 1 is a schematic block diagram of a typical system in 
the prior art for providing call accounting services; 
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FIG. 2 is a schematic block diagram of a system for 
providing a call accounting ASP service according to one 
embodiment of the present invention; 

FIG. 3 is a more detailed schematic block diagram of an 
intelligent ticket collector according to one embodiment of the 
present invention; and 

FIG. 4 is a flow diagram of a process for providing call 
accounting services using the intelligent ticket collector of 
FIG. 3 according to one embodiment of the invention. 



DETAILED DESCRIPTION 

FIG. 2 is a schematic block diagram of a system for 

15 

providing a call accounting ASP service according to one 
embodiment of the present invention. The system preferably 
includes an enterprise network 2 0 connected to a call accounting 
ASP network 22 over a public wide area network, such as, for 

20 example, a public internet 24. The enterprise network 20 
preferably includes one or more private branch exchange (PBX) 
units (generally referenced at 26) coupled to one or more buffer 
boxes (generally referenced at 28) via data communication link 
30. Buffer boxes 28 are also preferably coupled to an 

25 intelligent ticket collector (ITC) 32 and a network access 
server (NAS) 34 over data communication link 36. Also coupled 
to the ITC 32 and NAS 34 over data communication link 3 6 is a 
switching node3 8 capable of relaying voice and/or data for the 
enterprise . 

30 

Data communication link 30 is preferably a serial link. 
Data communication link 36 is preferably a direct internet 
protocol (IP) link, but may alternatively take the form of a 
serial link or PSTN connection. PBX units 2 6 are conventional 

35 
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in the art, and include logic and circuitry for managing 
incoming and outgoing calls and related data for the enterprise. 

The buffer boxes 28 are preferably temporary storage units 
for storing data received from the PBX units, such as, for 
example, FIFO buffers or other buffers conventional in the art. 
Each buffer box preferably includes a serial connection, dial-up 
connection, and/or direct internet connection for communicating 
with its associated PBX 26, ITC 32, or NAS 34. 

The switching node 38 is preferably a gateway device such 
as, for example, a router or a bridge, that resides at the edge 
of the enterprise. The switching node 38 preferably includes 
one or more internal buffers for storing data associated with 
incoming and/or outgoing telephone calls. 

The ITC 32 is preferably a stand-alone enterprise server 
running one or more software applications for collecting, 
encrypting, and transmitting call detail record (CDR) data. CDR 
2 0 data is also referred to as ticket data, and may include a 
calling number, called number, call duration, and/or other call 
parameters . 

In alternative embodiments, the ITC resides in one or more 
of the PBX units 26 or within the switching node 38. Electronic 
mail functionality may also be incorporated into the PBX units 
26 or the switching node 38 that includes the ITC 32 for 
allowing encrypted CDR data to be e-mailed directly to the cost 
accounting ASP network 22 without invoking the MAS 34. The ITC 
32 may also be programmed to provide fraud alerts and other 
alarm generation conditions, such as, for example, alarms for 
expensive off-hour or trunk- to -trunk calls, generally rendered 
by the call accounting ASP. 

The NAS 34 is preferably a firewall and electronic mail 
35 server for the enterprise network 20. The NAS pushes the 
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encrypted CDR data to the call accounting ASP network via 
electronic mail or any other IP data transmission method 
5 conventional in the art. The NAS 34 also provides corporate 
firewalls for protecting data transfers within the enterprise 
network 20. 

The call accounting ASP network 22 preferably includes one 
or more call accounting computers running a conventional call 
10 accounting software. The one or more call accounting computers 
further include a decryption module for decrypting encrypted 
data received from the enterprise network 20. 

In general terms, each PBX unit 2 6 generates CDR data for 
calls transmitted by end devices connected to the PBX. Such end 

15 

devices include telephones, individual personal computers, and 
the like. Preferably, the CDR data is generated by the PBX unit 
2 6 at the time of the call, and stored in the buffer box 28 when 
the call is terminated. For calls managed by the switching node 

2 0 38, the switching node 3 8 generates the CDR data and stores it 
in its internal buffer. 

The ITC 32 preferably polls the buffer boxes 28 and/or 
switching node 3 8 on a periodic basis to collect the stored CDR 
data. The NAS 34 preferably provides corporate firewalls for 

25 protecting the transfer of the CDR data between the buffer 
boxes/switching node 38 and ITC from external access. 

The ITC 32 encrypts the collected CDR data using standard 
encryption algorithms. The encrypted CDR data is then 
transmitted to the call accounting ASP network 22 over the 

30 

internet 24, preferably using the NAS 34. Preferably the 
encrypted CDR data is transmitted as an electronic mail. 
However, a person skilled in the art should recognize that any 
other encrypted data transfer mechanism conventional in the art 
35 may be used to transmit the CDR data. 

351233-1 



41888/JEC/X2 134/059 

A receiving computer on the call accounting ASP network 
receives the encrypted data and preferably decrypts it using a 
private key. The decrypted data is passed to its call 
accounting software for processing to produce call accounting 
reports including usage profile information. The usage profile 
information preferably includes calling numbers, called numbers, 
telephone trunk information, telephone company tariff rates, 
call costs, and/or other information associated with the calls. 
The usage profile preferably identifies the individuals and 
departments within each division making the calls, allowing the 
call costs to be correctly apportioned to the appropriate cost 
centers. The usage profile may also include information about 
data usage as well as phone usage. For instance, the usage 
profile may include IP traffic summaries of usage of the 
Internet by various subnets or individual personal computers. 

The call accounting reports may then be transmitted to the 
enterprise via electronic mail, or made available to enterprise 
network users on a password-protected server on the internet 24. 
The enterprise may use the reports to track and correctly 
apportion call costs to the appropriate individuals or 
departments . 

FIG. 3 is a more detailed schematic block diagram of the 
ITC 32 of FIG. 2 according to one embodiment of the present 
invention. The ITC preferably includes an input port 40, an 
encryption module 42, a data transfer protocol stack 44, and an 
output port 46. The encryption module 42 and data transfer 
protocol stack 44 are preferably software modules. However, the 
ITC may be created as a combination of hardware, software, 
firmware, and/or dedicated hardware unit. 

The input port 4 0 preferably receives CDR data from data 
communication link 36. The data transfer protocol stack 44 
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preferably contains a TCP/IP based File Transfer Protocol (FTP) 
used to collect the CDR data from the PBX units 26. 

5 Alternatively, the data transfer protocol stack 44 contains a 
point-to-point (PPP) protocol for collecting data over the PSTN 
via a modem connection to the PBX units 26. 

The encryption module 42 encrypts the collected CDR data 
using a public-key cryptography or a secret-key cryptography 

10 conventional in the art. For instance, the encryption module 
62 may include a script programmed to use public-key 
cryptography to encrypt the collected CDR data with a public 
key. Conventional encryption packages such as, for example, PGP 
(Pretty Good Privacy) may be used for doing the encryption. 

The output port 4 6 receives the encrypted CDR data and 
transmits it to the call accounting ASP network 22 over the 
internet 24 . 

It is understood, of course, that FIG. 3 illustrates a 
2 0 block diagram of the ITC 32 without obfuscating inventive 
aspects of the present invention with additional elements and/or 
components that may be required for creating the ITC. These 
additional elements and/or components, which are not shown in 
FIG. 3 are well known to those skilled in the art. 
25 FIG. 4 is a flow diagram of a process for providing call 

accounting services using the ITC 32 according to one embodiment 
of the invention. The process starts, and in step 60, a call 
is initiated and completed through the PBX 26 or switching node 
3Q 3 8 by an end device on the enterprise network 20. In step 62, 
the PBX 62 or switching node 38 generates the CDR data 
associated with the call according to conventional methods. In 
step 64, the PBX 2 6 transmits the CDR data over data 
communication link 3 0 to its corresponding buffer box 2 8 for 

35 
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storage. If the switching node 38 is used, the CDR data is 
stored in internal buffers within the switching node 38. 

5 In step 66, the ITC 32 collects the CDR data from the PBX 

26 and/or switching node 38. If the ITC 32 is located remotely 
from the PBX 26 or switching node 38, the ITC preferably 
collects the CDR data via an FTP session over an IP data 
communication link. Alternatively, the ITC 32 collects the CDR 

10 data via a modem connection over the PSTN. 

In step 68, the ITC 32 invokes its encryption module 42 to 
encrypt the collected CDR data according to conventional 
methods. If public-key encryption is used, the encryption 
module 42 encrypts the CDR data using a public key and the 

1 5 

private key for decrypting the CDR data is made available to the 

call accounting ASP network 22. 

In step 70, the ITC 32 forwards the encrypted CDR data to 

the NAS 34 which then transmits the data to the call accounting 
2 0 ASP network 22 over the internet 24. Preferably the encrypted 

CDR data is transmitted in the form of an electronic mail 

according to conventional methods. 

In step 72, the call accounting computer in the call 

accounting ASP network 22 receives the encrypted CDR data and 
25 in step 74, decrypts the data preferably using its private key. 

In step 76, the call accounting computer generates usage profile 

data 76 to be included in a call accounting report. In step 78, 

the call accounting computer provides the usage profile data in 
^ o the call accounting report to the enterprise network. The usage 

profile data may be provided via electronic mail or via a web 

page on a password-protected server on the internet 24. 

It should be appreciated, therefore, that the use of the 

public internet 24 to push the CDR data to the cost accounting 
35 ASP network 22 helps reduce the costs and data transfer delays 
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associated with PSTN dial-up connections. Furthermore, the 
encryption of the CDR data by the ITC 32 provides security in 
using the relatively unsafe internet for the data transfer. 

Although this invention has been described in certain 
specific embodiments, those skilled in the art will have no 
difficulty devising variations which in no way depart from the 
scope and spirit of the present invention. It is therefore to 
be understood that this invention may be practiced otherwise 
than is specifically described. Thus, the present embodiments 
of the invention should be considered in all respects as 
illustrative and not restrictive, the scope of the invention to 
be indicated by the appended claims and their equivalents rather 
than the foregoing description. 
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